Jump to content


dverbern

Getting SCCM to talk to Workgroup DMZ servers

Recommended Posts

Hi All,

 

I am trying to get SCCM client to install and talk to servers that are Workgroup (non-domain joined) and sitting in a DMZ, i.e. outside our regular domain.

We have a MP installed in the DMZ that is intended to communicate with devices in the DMZ, domain-joined or not.

The DMZ domain-joined machines SCCM clients work fine, its the DMZ workgroup machines that don't.

 

I am installing SCCM client with syntax like: ccmsetup.exe /mp:{MPserver for DMZ FQDN} SMSSITECODE={our site code} FSP={MP for our regular domain}

 

* I have added the IP and hostname of our MP DMZ server into our Hosts file, so the workgroup machine can resolve the hostname of the MP.

* Our networks team has confirmed that there are no ports or firewalling blocking communication between the DMZ workgroup machines and our SCCM infrastructure.

* We have used our Active Directory Certification Services to install a Personal certificate to allow communicate between the host machine and our SCOM infrastructure. SCOM talks to these machines without issue, but SCCM is not.

 

The repeating errors in LocationServices.log of our DMZ Workgroup machines are as follows:

 

Any tips on troubleshooting?

post-16372-0-59346200-1400556988_thumb.png

Share this post


Link to post
Share on other sites

I'll also add that we have a Boundary and Boundary Group defined for the IP range these DMZ Workgroup servers sit in, so that is another bit that should be fine.

Share this post


Link to post
Share on other sites

Sorry for delay in responding, but thanks Peter for your contribution. I'll remove the SCCM client from my workgroup machine and reinstall with the modified command line you suggest and see how I go.

 

If you know of any specific logs that will shed light on why a connection may not be established, that would also be handy.

Share this post


Link to post
Share on other sites

I might also add, I have a certificate in "Personal" folder of the workgroup machine, issued by our Root Certification server for Server communication - can anyone advise whether such a certificate is required for SCCM to talk to servers outside the domain? We originally installed that certificate for SCOM to manage DMZ servers, but I wasn't sure whether SCCM also needed it.

Share this post


Link to post
Share on other sites

Thanks very much, Niall! Checking out your guide now.

Share this post


Link to post
Share on other sites

Niall, you have saved me! Your documentation spelled out exactly what I was missing - entries in my LMHOSTS file! Once I made the entries, I just had to find an installation command line that worked for our environment.

In my case, I had already copied the CCMsetup installation source files over to the workgroup machine and used the following syntax:

 

ccmsetup.exe /mp:{Our MP Server in the DMZ FQDN} SMSSITECODE={Our SMS Site Code} FSP={Our Primary Site Server}

 

After installation, I went into Devices in SCCM Admin Console and voila! Found the Workgroup server in Unapproved state, right-clicked, chose Approve, YES!

Thank you so very, very much!

Share this post


Link to post
Share on other sites

Does anyone know why do I get the following line is ccmsetup.log even though I have used the argument /MP: and also tried with SMSMP=.

Message in log: "No MPs were specified from commandline or the mobileclient.tcf."

The client tried to query MP from AD which obviously does not work as the server is in DMZ. Eventually the client installs with exit code 0 but does not report to MP. 

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...


×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.